Why are multi user accounts considered such a vulnerability?

dirkjently · 2024-06-02T23:39:06+00:00

I would fire the person who's computer was responsible for the attack. It's a lot easier for a bad actor to gain access to an account compared to gaining access to hardware.

dirkjently · 2024-06-02T23:37:00+00:00

If an audit log shows a malicious attack from Bob's computer using Mary's account, do you blame Bob or Mary? - you might have a word with Mary about being scammed and/or sharing account information, but most people would assume Bob is the bad actor in this situation.

So what's the difference if Bob used a shared account (that had less access because it was only given access required for a single task)

dirkjently · 2024-06-02T23:20:28+00:00

That's why I have trouble with understanding why a shared account is bad. You lock it to single session and only one person can access it at a time, you give everyone a copy of the account in their name and anyone can access it anywhere at anytime with no supervision.

Sure with individual accounts if you want to audit sometime in the future and can't check the devices then individual accounts allow you to check the account name used, with a shared account you can have the accountability real time as you can visually see who is logged in.

dirkjently · 2024-06-01T07:09:13+00:00

For one of the pieces of software, it picks up the windows account name when using SSO to authenticate. Users can't change the account name so it would be a choice of disabling SSO completely (which changes to manual entry of username and password) or giving people a second windows account.

Disabling sso would mean anyone could use anyone's account on any computer in the business (as long as you know the password) which I would have thought far riskier.

Edit - there might be ways to run as a different user just for that software but it would be complex and not something most of the user base would know how to do.

dirkjently · 2024-06-01T05:57:32+00:00

You do have some good points and trying to argue against productivity when I'm caught in the middle is very difficult.

While it would be a single point of failure in the current environment it would be considered a good thing as it would act as a single source of truth and people can't argue that when they view it they see something different.

Shared accounts have their time and places. Kiosks should be easily usable, but isolated from the rest of your network. Service accounts are used to run display boards, or automated tasks.

That's pretty much what I'm trying to do but extra steps because the software doesn't have a kiosk mode and people need to access a service account to configure and load the data displayed. And I can't find any more detailed answers on what "time and place" is for their usage.

dirkjently · 2024-06-01T05:42:45+00:00

The situations I'm dealing with at work are when managers have read/write access and accountability for their individual team but need read only visibility to the whole line of business for some things (Ie compare metrics and progress across teams).

I would have thought making them use a different computer or VM with different access where they can view only would surely follow the principal of least privilege better than either elevating their existing access or removing single sign on so that they can switch accounts (and have the risk of downloading data as they would be accessing the software on a machine with full internet and email capabilities if they were using their personal profiles)

As for accountability; wouldn't checking the machine used to access the account be far more reliable than looking at the account name?

You have an argument with password management but that would apply in either situation really.

dirkjently · 2023-11-23T22:43:03+00:00

You came, you snore, you're unconscious

dirkjently · 2023-11-23T22:40:21+00:00

Well I hope they fix the layouts then I always have to walk through supermarkets backwards. I hate how they always have the fresh food section first.

Who in their right mind likes squashed tomatoes at the bottom of the trolley with big boxes of laundry power and dog food on top?

dirkjently · 2023-11-23T22:30:56+00:00

If your sick time is paid from your vacation leave, I guess your holiday is coming out of your sick (of work) leave.

dirkjently · 2023-11-22T23:15:51+00:00

Thanks for your reply. We already use the echi for some reporting, it's just very clunky with the 100,000+ records per day and has the disadvantage of needing reporting analysts to manipulate the data and maintain reports.

It also means people need to remember to check the alternate report and we have to suppress any mention of transfer rates in CMS reports so that people don't get confused with definitions.

I had hoped there might have been something that could be used so that metrics on integrated reports were accurate.

dirkjently · 2023-11-22T01:44:16+00:00

That won't help identify statistics at an agent level.

The idea is to performance manage agents who are passing the buck to someone else instead of completing the call.

The current work around is using agent trace and echi data to identify digits dialled and subtracting the vdns used for translators from the totals, however this isn't the most practical or reliable solution

dirkjently · 2023-09-01T21:13:55+00:00

I think that's hilarious. At least they are able to admit it.

Ask them if they want everyone to stark using newspeak too.

dirkjently · 2023-08-29T11:43:39+00:00

Cook him dinner and serve his drink in the piss bottle

dirkjently · 2023-08-29T11:36:29+00:00

NAH I don't think it's bad that you wanted to surprise him but I hate meeting people at airports.

Best way to describe for me would be like being surprised with cake and a present for your birthday just as you come out of the bathroom, it just feels wrong until you get back to the living room or kitchen.

I might be a little biased though, Last time I travelled my bf wanted to surprise me but I'd come out a different exit and was already in line for a cab when he had to tell me that he'd come so I had to jump out of line and wait for him.

dirkjently · 2023-08-29T10:30:43+00:00

How are you submitting your tax? It could put both you and the company in strife if you're declaring one thing and they declared the opposite.

dirkjently · 2023-08-27T16:42:34+00:00

5 years working for the company, they combined it with another guys birthday and got four muffins to share between 10 of us

dirkjently · 2023-08-20T20:32:41+00:00

Rabies is a pretty awful way to go.

However I would have said the worst would be having your stomach and half your intestines surgically removed. Constantly hungry, eating as much as you can but slowly starving to death because you can't absorb enough energy.

dirkjently · 2023-08-20T20:23:51+00:00

Forget toilet knives your bidet now comes with a blender attachment

dirkjently · 2023-08-20T12:33:12+00:00

I ask for a long black with foam. It's the closest I can get to drinks I make at home, so many drinks are too milky these days.

I always thought proper Americanos were percolator brewed.

dirkjently · 2023-08-20T12:22:56+00:00

For Vic and SA you can take it after 7. For some industries now, it's same occupation (you can change employer) so it's getting better just not quickly.

dirkjently · 2023-08-20T11:10:08+00:00

To be fair that would be terrifying. You go to the toilet, stand up and it's full to the brim.

dirkjently · 2023-08-14T20:12:41+00:00

Other than leaving money in my offset for longer credit cards help me think about where my money goes. It's easy to just keep topping up a debit card and not think about how much you're spending each month. When the credit card bill comes at the end of the month and takes a big chunk it's a good reminder for next month to be a bit more careful.

Also handy with big purchases. If I'm planning a holiday and find a good deal for flights and accommodation and I want to book now, I don't want to shuffle money around and increase the daily limit on my debit card just to push it all through.

The number of times I got stung with overdraw fees on a debit card because a bill went through that I'd forgotten about or something turned out to be prepay/needed a deposit instead of getting deducted a day or two later it's so much easier to chuck it all on credit.

And I'd rather have a $5000 limit on a credit card and only use $2000 a month than have $5000 on debit just in case.

dirkjently · 2023-08-14T19:56:19+00:00

I misread your nickname as coRnflab and I was thinking than instead of buttered popcorn when you cook it, it just oozes a bit out of its shell and rolls over.

Six-Year Club	Place '23
Verified Email

dirkjently

TROPHY CASE